UNPKG

sicua

Version:

A tool for analyzing project structure and dependencies

github.com/sicua-labs/sicua

sicua-labs/sicua

69 lines (68 loc) 2.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
/** * Security context analysis utilities for vulnerability detection */ export type FileContext = "api-route" | "middleware" | "component" | "config" | "environment" | "utility" | "test" | "unknown"; export type SecurityRiskContext = "authentication" | "authorization" | "data-processing" | "external-communication" | "configuration" | "client-side" | "server-side" | "none"; export interface FileContextInfo { /** The type of file based on location and content */ fileType: FileContext; /** Security risk areas this file is involved in */ riskContexts: SecurityRiskContext[]; /** Whether this file handles sensitive data */ handlesSensitiveData: boolean; /** Whether this file is client-side accessible */ isClientSide: boolean; /** Whether this file has network access */ hasNetworkAccess: boolean; /** Authentication libraries used */ authLibraries: string[]; /** Environment variables accessed */ envVariables: string[]; } export declare class SecurityContext { /** * Determine the context of a file for security analysis */ static analyzeFileContext(filePath: string, content: string): FileContextInfo; /** * Determine the type of file based on path and content */ private static determineFileType; /** * Identify security risk contexts for the file */ private static identifyRiskContexts; /** * Check if content suggests sensitive data handling */ private static detectsSensitiveDataHandling; /** * Determine if file is client-side accessible */ private static isClientSideFile; /** * Check if content indicates network access */ private static detectsNetworkAccess; /** * Extract authentication libraries used */ private static extractAuthLibraries; /** * Extract environment variables accessed in the file */ private static extractEnvironmentVariables; /** * Helper methods for pattern detection */ private static isConfigFile; private static isTestFile; private static isReactComponent; private static hasAuthPatterns; private static hasAuthorizationPatterns; private static hasDataProcessingPatterns; private static hasExternalCommunicationPatterns; private static hasConfigPatterns; private static hasClientSidePatterns; private static hasServerSidePatterns; }